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CLAIMS 

What is claimed is: 

1 1 . A method for performing a cryptographic^ operation on a message, comprising: 

2 (a) generating initial unpredictable /nformation; 

3 (b) using said initial unpredictable information, transforming an initial secret 

4 quantity into a plurality of randomized quantities having a predetermined 

5 logical relationship thereamong; and 

6 (c) performing a first step oysaid operation involving said randomized 

7 quantities in a hardware device to reduce the amount of useful information 

8 about said operation available from external monitoring of said hardware 

9 device. 



1 2. The method of Claim 1 ^herein jfeaftTmnial unpredictable information includes a 

2 plurality of random vafties obtai Wd from a random number generator. 



1 3. The method of Claim 1 wherein said initial secret quantity includes at least one of 

2 the group of secrey quantities comprising a message and a key. 



1 4. 



The method of Claim 1 wherein step (b) includes a blinding operation. 



1 5. The method of Claim 4 wherein said blinding operation includes an XOR 

2 operation. 

1 6. The method of Claim 1 wherein the probability that the value of any specific bit in 

2 any of sa/d randomized quantities is a "one" is one half (0.5). 



1 7. The method of Claim 1 wherein step (c) includes separately operating on a 

2 plural/ty of said randomized quantities in a random order. 
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The method of Claim 1 wherein said cryptographic operation is compatible with 
the Data Encryption Standard (DES), said method further comprising 
recombining the result of step (c) to produce a final result, said final result being a 
cryptographic representation of said message transformed with said DES 
algorithm. 

The method of Claim 8 further comp/ising using said initial unpredictable 
information to shuffle the S tables. 



10. The method of Claim 9 wherein said step of using said initial unpredictable 

information to shuffle said S tables includes blinding the outputs of said S tables. 



1 1 . The method of Claim 9 where/n said, 
information to shuffle said S jtables 




of using said initial unpredictable 
es permuting said S tables. 



12. The method of Claim 9 wherein step (c) includes extracting, in random order, data 
representing the six-bit inputs to the S tables in randomized form from said 
randomized quantities. 

1 3 . The method of Claim ]j further comprising: 

(d) updating at least one of said randomized quantities using additional 
unpredictable/information to generate at least one updated randomized 
quantity; anc 

(e) performing k second step of said operation involving said at least one 
updated randomized quantity. 



14. The method of Qlairn 13 wherein step (d) includes reordering the bit positions of 
said at least one randomized quantity. 
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15. The method of Claim 13 wherein step (d) includes randomizing the bit values of 
said at least one randomized quantity. 

16. The method of Claim 13 wherein step (d) includes incrementing and checking a 
failure counter prior to said updating, ancy clearing said failure counter following 
said updating. 

17. The method of Claim 13 wherein step/(c) includes performing said first step of 
said operation using a plurality of parameters, said method further comprises 
using said initial unpredictable information to initialize said parameters and 
updating said parameters to generate a plurality of updated parameters, and step 
(e) includes performing said second step of ^aicg^operation using said updated 
parameters. 



18. A method for performing a cryptographic operation on a message using a key, 
comprising: 

(a) using unpredictable information, transforming said message into a 
plurality of message portions having a predetermined logical relationship 
thereamong; 

(b) using unpredictable information, transforming said key into a plurality of 
key portions having a predetermined logical relationship thereamong; 

(c) performing a first step of said cryptographic operation on said message 
portions using said key portions in a hardware device to reduce the amount 
of useful information about said operation available from external 
monitoring of said hardware device; 

(d) updating^ at least one of said plurality of message portions with 
unpredictable information; 

(e) updating at least one of said plurality of key portions with unpredictable 
inforpiation; 
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(f) performing at least a second step of said cryptographic operation on said 
message portions using said key portions in a hardware device to reduce 
the amount of useful information aoout said operation available from 
external monitoring of said hardware device; and 

(g) returning a cryptographic resuty 

19. The method of Claim 1 8 wherein sa/d cryptographic operation is compatible with 
the Data Encryption Standard (DEjS) such that said result is a representation of the 
value derived by applying the DBS algorithm to said message. 



20. The method of Claim 1 8 further comprising a step of using unpredictable 
information to reshuffle the SAables bejfrfyedn step (c) and step (f). 

21 . The method of Claim 1 8 wherein s$(id/stepj(b) establishes a predefined 
mathematical relationship /between[^iid key portions and said secret quantity 
which is preserved when/said key portions are updated at step (e). 



22. A cryptographic processing device for performing a cryptographic operation in a 
manner resistant to discovery of a secret quantity by external monitoring, 
comprising: 

(a) an untrustedf input for electrical power, from which the device's power 
consumption can be measured; 

(b) a secure n/emory containing at least a representation of said secret 
quantity; i 

(c) a source pf unpredictable information for transforming said secret quantity 
into a plurality of randomized quantities having a predetermined logical 
relationship thereamong; 

(d) an inpmt/output interface; 



5559V2-ServerlA 



28 



12 
13 
14 



(e) a processor connected to said memory, configured to perform 

cryptographic transformations on randomized forms of data received via 
said interface using randomized forms pf said secret quantity. 



1 23. The device of Claim 22 wherein said devic^f comprises an ISO 7816 compliant 

2 smartcard. 

1 24. The device of claim 22 wherein said power consumption varies measurably 

2 during said cryptographic transformations, but where measurements of said power 

3 consumption are not correlated to saip secret quantity. 

1 25. The device of Claim 22 wherein sa/d source of unpredictable information 

2 comprises a random number generator. 
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1 26. The device of Claim 22 further eomprMlf atf least one register for temporarily 

2 storing said randomized quantifies, witierein ihe correlation between any single bit 

3 of said at least one register and said secret quantity is undetectably small, but 

4 where the correlation between a combination of multiple bits of said at least one 

5 register and said secret quantity is measurably significant. 

1 27. The device of Claim 26 wherein said device is an ISO 7816 compliant smartcard. 



1 28. A method for performing a symmetric cryptographic operation using a secret key 

2 with resistance to external monitoring attacks, comprising: 

3 (a) obtaining an input message; 

4 (b) generating initial unpredictable information; 

5 • (c) combining said key, said message, and said unpredictable information; 

6 (d) deriving a result, where: 

7 (i) said result is a predefined function of said input message and of 

8 said Hey, and 
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(ii) said result is independent of said unpredictable information; and 
(e) producing a response based on said result. 



1 29. The method of Claim 28 wherein said cryptographic operation is a predefined 

2 block cipher. 

1 30. The method of claim 29 wherein said blo^k cipher is the Data Encryption 

2 Standard. 
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33. 



The method of claim 29 wherein all steps are implemented in an ISO 7816- 
compliant smartcard. 



. A 

The method of claim 29 wherein individuarfio J>ii 
measurably correlated to any bit of said l?<?y. 



t manipulated in said step (d) is 



// J 



A device for performing keyed cryptographic operations, comprising: 

(a) a keyed processing unit, configured to 

(i) obtain a representation of a secret parameter encoded as a first 
plurality of paraneters, 

(ii) receive an inpui datum, 

(iii) perform a cryptographic operation upon said input datum using 
said plurality of parameters, and 

(iv) transmit the result of said cryptographic operation; and 

(b) a key update unit, configured to 

(i) obtain said fencoded representation of said secret parameter, 

(ii) obtain a blmding factor, 

(iii) produce worn said first plurality of parameters and said blinding 
factor a second plurality of parameters where 
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(1) 



(2) 




a mathematical relationship exists between said second 
plurality of parameters apd said first plurality of 
parameters; and 
said second plurality df parameters is different from said 
first plurality of parameters 



The device of claim 33 where said key preparation unit is further configured to 
derive a plurality of parameters from said secret parameter and said blinding value 
such that a mathematical relationship exists between said derived plurality of 
parameters and said obtained secretmarameter, but where no measurable 
correlation is present between any/one of said plurality of parameters and said 
secret parameter. 

The device of claim 34 where /aid mat^naj^l relationship includes addition 
modulo 2. 



The device of claim 33 where said second plurality of parameters includes 

(a) A permuted part, containing a sequence of bits in permuted order; and 

(b) An ordering part/which contains the order of bits in said permuted part 



A method for reducing the correlation between physical attributes of a 
cryptographic system iand the values of secret parameters being manipulated 
during a cryptographic operations, by masking a table lookup operation, 
consisting of the following steps: 

(a) receiving a Representation of a lookup table for use in said table lookup 
operation; 

(b) receiving input and output masking parameters corresponding to said 
received table representation; 

(c) obtaining some unpredictable information; 
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(d) deriving a transformed representation of said lookup table from said 
received lookup table and said unpredictable information; 

(e) deriving new input and output masking p^arameters corresponding to said 
transformed representation of said table 

(f) storing said transformed lookup table /nd said input and output masking 
parameters in a memory; and 

(g) using said transformed table in a ci^ptographic computation. 



The method of claim 37 where step (d) jncludes the following sub steps: 

(a) obtaining a first random value;, 

(b) generating a new output masking value from said first random value and 
an output masking value received at step (b); 

(c) obtaining a second random/value; 

(d) generating a new input masking value from said second random value and 
an input masking value received A step.(b); 

(e) producing said transformed tablptfnth the property that the i* element in 
the transformed table is equal tjo the result of 

(i) finding the element at the location in the original table specified by 
taking an index T XORed with said old input mask, 

(ii) XORing said element with the values of both said new output 
mask and said old output mask 

(iii) storing said XOR result in said transformed table at a location 
corresponding to said index T XORed with said new input mask 



The method of claimp8 where the steps are performed in a different order. 



A method for transforming data in a smartcard using the Data Encryption 
Standard with a sefcret key, comprising the steps of: 
(a) receiving a representation of a message; 
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(b) combining at least a portion of said message representation with at least a 
portion of a representation of said key p produce a DES intermediate 
representation; 

(c) producing from said DES intermediate an index to an S operation, where 
said index is a representation of a traditional 6-bit S table input; 

(d) performing an S operation, producing an S result in an expanded 
representation for which the HammingTfvfeight of said S result is 
independent of the value of said S tapfejitout; 

(e) combining the result of said S operation \yith said DES intermediate to 
produce a new DES intermediate representation; 

(f) repeating steps (c) through^ (e) a plurality of times; and 

(g) converting the final DES/intermediate representation into a DES result, 
where said DES result is a representation of the result of applying the DES 
standard to said message with said secret key. 
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